Bug 54799 - Diagnostic: Check if Kerberos accounts are missing
Status: NEW
Product: UCS
Classification: Unclassified
Component: UMC - System diagnostic
UCS 4.4
Other Linux
Importance: P5 normal
Assigned To: UMC maintainers
UMC maintainers
Reported: 2022-05-25 14:47 CEST by Julia Bremer
Modified: 2022-08-01 11:30 CEST (History)
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.023

Description Julia Bremer univentionstaff 2022-05-25 14:47:20 CEST
In a customer environment, the account krb5PrincipalName=krbtgt/REALM was missing on one backup, because of replication failures.

Because of this, no Kerberos ticket could be acquired when authenticating against that backup service. All diagnostic checks were successful at that point.
22_kdc_service.py only checks if all Kerberos servers are answering (with an error); ticket generation is not tested.

We could add a diagnostic check, which checks if all necessary Kerberos accounts exist on the server.
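
The check proposed in the description, as an added example that is not from the bug report or the UCS code base: it reads LDIF exported from each server's own directory and reports required principals that are absent there. The function names, the `REQUIRED` list (only `krbtgt/REALM` is named in the report, written here in the `name@REALM` form) and the sample LDIF are assumptions.

```python
import base64

# Assumption: only krbtgt/REALM is named in the report; add further principals
# your KDCs need. "{realm}" is replaced with the Kerberos realm.
REQUIRED = ("krbtgt/{realm}@{realm}",)

def principals_from_ldif(ldif_text):
    """Collect krb5PrincipalName values from LDIF (folded lines, base64)."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:   # RFC 2849 continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    found = set()
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or name.lower() != "krb5principalname":
            continue                        # dn lines, comments, other attributes
        if rest.startswith(":"):            # "attr:: <base64 value>"
            found.add(base64.b64decode(rest[1:].strip()).decode("utf-8"))
        else:
            found.add(rest.strip())
    return found

def missing_per_server(ldif_by_server, realm, required=REQUIRED):
    """Map each server to the required principals absent from its LDIF."""
    wanted = [t.format(realm=realm) for t in required]
    report = {}
    for server, ldif_text in ldif_by_server.items():
        present = principals_from_ldif(ldif_text)
        report[server] = [p for p in wanted if p not in present]
    return report

# Constructed sample data: a healthy primary and a backup missing krbtgt.
PRIMARY = """\
dn: krb5PrincipalName=krbtgt/EXAMPLE.TEST@EXAMPLE.TEST,cn=kerberos,dc=example,dc=test
krb5PrincipalName: krbtgt/EXAMPLE.TEST@EXAMP
 LE.TEST

dn: uid=alice,cn=users,dc=example,dc=test
krb5PrincipalName:: YWxpY2VARVhBTVBMRS5URVNU
"""
BACKUP = """\
dn: uid=alice,cn=users,dc=example,dc=test
krb5PrincipalName: alice@EXAMPLE.TEST
"""

if __name__ == "__main__":
    print(missing_per_server({"primary": PRIMARY, "backup": BACKUP}, "EXAMPLE.TEST"))
```

Each server has to be queried individually for the comparison to mean anything, since the report describes the entry missing on only one backup after replication failures.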